Group

group

The Group object represents a collection or association of entities, such as users, policies, or devices. It serves as a logical grouping mechanism to organize and manage entities with similar characteristics or permissions within a system or organization, including but not limited to purposes of access control.

Attributes

CaptionNameTypeDescription
DescriptiondescStringThe group description.
DomaindomainStringThe domain where the group is defined. For example: the LDAP or Active Directory domain.
NamenameStringEntity:GROUP_OBJECT_NAME

The group name.
PrivilegesprivilegesString[]The group privileges.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Account TypetypeStringThe type of the group or account.
Unique IDuidStringEntity:GROUP_OBJECT_UID

The unique identifier of the group. For example, for Windows events this is the security identifier (SID) of the group.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

Group shown in context

Inbound Relationships

These objects and events reference Group in their attributes:

Outbound Relationships

Group references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0